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109th  congress    f  W  ^  Cf  Cf 

2D  SESSION     ti  •  K.  D  D  D  y 

To  improve  the  exchange  of  health  information  by  encouraging  the  creation, 
use,  and  maintenance  of  hfetime  electronic  health  records  in  independent 
health  record  banJcs,  by  using  such  records  to  build  a  nationwide  health 
information  technology  infrastructure,  and  by  promoting  participation 
in  health  information  exchanges  by  consumers  through  tax  incentives. 


IN  THE  HOUSE  OF  REPRESENTATIVES 

June  8,  2006 

Mr.  Ryan  of  Wisconsin  (for  himself,  Mr.  SESSIONS,  Mr.  MoORE  of  Kansas, 
and  Mr.  Herger)  introduced  the  following  bill;  which  was  referred  to  the 
Committee  on  Energy  and  Commerce,  and  in  addition  to  the  Committee 
on  Ways  and  Means,  for  a  period  to  be  subsequently  determined  by  the 
Speaker,  in  each  case  for  consideration  of  such  provisions  as  fall  within 
the  jurisdiction  of  the  committee  concerned 


A  BILL 

To  improve  the  exchange  of  health  information  by  encour- 
aging the  creation,  use,  and  maintenance  of  hfetime  elec- 
tronic health  records  in  independent  health  record  banks, 
by  using  such  records  to  build  a  nationwide  health  infor- 
mation technology  infrastructure,  and  by  promoting  par- 
ticipation in  health  information  exchanges  by  consumers 
through  tax  incentives. 

1  Be  it  enacted  hy  the  Senate  and  House  of  Representa- 

2  tives  of  the  United  States  of  America  in  Congress  assembled, 


2 

1  SECTION  1.  SHORT  TITLE. 

2  This  Act  may  be  cited  as  the  "Independent  Health 

3  RecordBank  Act  of  2006". 

4  SEC.  2.  PURPOSE. 

5  It  is  the  purpose  of  this  Act  to  provide  for  the  estab- 

6  hshment  of  a  nationwide  heahh  information  technology 

7  network  that — 

8  (1)  improves  health  care  quality,  reduces  med- 

9  ical  errors,  increases  the  efficiency  of  care,  and  ad- 

10  vances  the  delivery  of  appropriate,  evidence-based 

11  health  care  services; 

12  (2)  promotes  wellness,  disease  prevention,  and 

13  the  management  of  chronic  illnesses  by  increasing 

14  the  availability  and  transparency  of  information  re- 

15  lated  to  the  health  care  needs  of  an  individual; 

16  (3)  ensures  that  appropriate  information  nee- 

17  essary  to  make  medical  decisions  is  available  in  a  us- 

18  able  form  at  the  time  and  in  the  location  that  the 

19  medical  service  involved  is  provided; 

20  (4)  produces  greater  value  for  health  care  ex- 

21  penditures  by  reducing  health  care  costs  that  result 

22  from  inefficiency,  medical  errors,  inappropriate  care, 

23  and  incomplete  information; 

24  (5)   promotes  a  more  effective  marketplace, 

25  greater  competition,  greater  systems  analysis,  in- 
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1  creased  choice,  enhanced  quahty,  and  improved  out- 

"2  comes  in  health  care  services; 

3  (6)  improves  the  coordination  of  information 

4  and  the  provision  of  such  services  through  an  effec- 
"  5  tive  infrastructure  for  tlie  secure  and  authorized  ex- 

6  change  and  use  of  health  information;  and 

7  (7)  ensures  that  the  confidentiality  of  individ- 

8  ually  identifiable  health  information  of  a  patient  is 
9'  secure  and  protected. 

10  SEC.  3.  DEFINITIONS. 

11  In  this  Act: 

12  (1)  Account. — The  term  "account"  means  an 
rS  electronic  health  record  of  an  individual  contained  in 

14  an  independent  health  record  bank. 

15  (2)  Electronic  health  record. — The  term 

16  "electronic  health  record"  means  a  longitudinal  col- 

17  lection  of  personal  health  information  concerning  a 

18  single  individual,  entered  or  accepted  by  health  care 

19  providers,  and  stored  electronically. 

20  (3)  HeaIjTH  care  entity. — The  term  "health 

21  care  entity"  includes  health  care  consumers,  health 

22  care  providers,  and  health  care  payers,  government 

23  agencies,   pharmaceutical   companies,  laboratories, 

24  and  health  care  research  institutes. 

•HR  5559  IH 


4 

1  (4)  HIPAA  REGULATIONS.— The  term  ''HIPAA 

2  regulations"   means   the   regulations  promulgated 

3  under  section  264(c)  of  the  Health  Insurance  Port- 

4  ability  and  Accountability  Act  of  1996  (42  U.S.C. 

5  1320d-2  note). 

6  (5)  Individually  identifiable  heai^th  in- 

7  formation. — The   term   "individually  identifiable 

8  health  information"  has  the  meaning  given  such 

9  term  in  section  1171(6)  of  the  Social  Security  Act 

10  (42  U.S.C.  1320d(6)). 

11  (6)      NONIDENTIFIABLE      HEAI.TH  INFORMA- 

12  TION. — The  term  "nonidentifiable  health  informa- 

13  tion"  means  any  list,  description,  or  other  grouping 

14  of  consumer  information  (including  publicly  available 

15  information  pertaining  to  them)  that  is  derived  with- 

16  out  using  personally  identifiable  information  that  is 

17  not  publicly  available. 

18  (7)  Partially  identifiable  health  infor- 

19  MATION. — The  term  "partially  identifiable  health  in- 

20  formation"  means  any  list,  description,  or  other 

21  grouping  of  consumer  information  (including  pub- 

22  licly  available  information  pertaining  to  them)  that 

23  is  derived  using  any  personally  identifiable  informa- 

24  tion  that  is  not  publicly  available. 
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1  (8)  Protected  health  information. — The 

2  term  "protected  health  information"  shah  have  the 

3  meaning  given  such  term  for  purposes  of  HIPAA 

4  regulations. 

5  (9)  Board  of  governors. — The  term  "Board 

6  of  Governors"  means  the  Board  of  Governors  of  the 

7  Federal  Reserve  System. 

8  SEC.  4.  INDEPENDENT  HEALTH  RECORD  BANKS. 

9  (a)  Purpose. — It  is  the  purpose  of  tliis  section  to 


10  pro^dde  for  the  establishment  of  independent  health  record 

11  banks  to  achieve  financial  savings  in  the  health  care  sys- 
•            12  tem  and  improvements  in  the  provision  of  health  care 

13  through — 


14  (1)  the  creation  and  storage  of  lifetime  indi- 

15  vidual  electronic  health  records  for  individuals  that 

16  may  contain  health  plan  and  debit  card  functionality 

17  and  that  serves  the  interests  of  all  health  care  enti- 

18  ties; 

19  (2)  the  utilization  of  a  technological  infrastmc- 

20  ture  with  the  goal  of  connecting  health  records  to 

21  build  a  national  health  information  network; 

22  (3)  the  provision  of  health  information  data 

23  sets,  within  distinct  authorization  boundaries,  based 

24  on  usage  needs,  including — 
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1  (A)  the  sale  of  approved  data  for  research 

2  and  other  consumer  purposes  as  provided  for 

3  under  section  6(b);  t 

4  (B)  the  provision  of  data  for  emergenley 

5  health  care  as  provided  for  under  section  6(e); 

6  and 

7  (C)  the  provision  of  data  for  all  other 

8  health  care  needs  determined  appropriate  by 

9  the  Board  of  Governors  (in  accordance  with  the 

10  protections  pro^dded  for  under  section  6); 

11  (4)  the  offering  of  incentives  to  employers  that 

12  face  rising  employee  health  costs,  to  encourage  em- 

13  ployee  participation  in  independent  health  record 

14  banks;  and 

15  (5)  the  creation  of  a  source  of  tax-free  income 

16  to  support  the  operations  of  the  independent  health 

17  record  banks,  and,  through  revenue  sharing,  to  pro- 

18  vide  incentives  to  independent  health  record  bank  ac- 

19  count  holders,  health  care  providers,  and  fee  payers 

20  to  contribute  health  information. 

21  (b)  Establishment. — 

22  (1)  In  general. — Not  later  than  one  year 

23  after  the  date  of  the  enactment  of  this  Act,  the 

24  Board  of  Governors  shall  prescribe  standards  for  the 

25  establishment  and  certification  of  independent  health 
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1  record  banks  to  carry  out  the  purpose  described  in 

2  subsection  (a). 

3  (2)  Requirement  of  non-profit  entity. — 

4  Under  the  standards  under  paragraph  (1),  a  non- 

5  profit  entity  may  estabUsh  an  independent  health 

6  record  bank  as  a  cooperative  entity  that  operates  for 

7  the  benefit  and  in  the  interests  of  the  membership 

8  of  the  bank  as  a  whole.  Such  bank  shall  be  omied 

9  and  controlled  by  its  members. 

10  (3)  For-profit  entities. — Under  the  stand- 

11  ards  under  paragraph  (1),  a  for-profit  entity  may 

12  not  participate  in  the  establishment  and  operation  of 

13  an  independent  health  record  bank,  except  to  the  ex- 

14  tent  that  such  entity  is  by  contract  employed  to  as- 

15  sist  in  carrying  out  the  operations  of  the  bank. 

16  (4)  Treatment  as  covered  entity  for  pur- 

17  POSES  OF  HIPAA  REGULATIONS. — To  the  extent  that 

18  an  independent  health  record  bank  (or  associated 

19  vendor)  is  engaged  in  receiving  or  transmitting  pro- 

20  tected  health  information,  the  bank  shall  be  consid- 

21  ered  to  be  a  HIPAA  covered  entity  for  purposes  of 

22  HIPAA  regulations  with  respect  to  such  informa- 

23  tion. 

24  (c)  Membership. — 
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1  (1)  In  general. — To  be  eligible  to  be  a  mem- 

2  ber  of  an  independent  health  record  bank,  an  indi- 

3  vidual  shall  obtain  or  have  obtained  a  product  or 

4  service  from  a  covered  entity  that  is  to  be  used  pri- 

5  marily  for  personal,  family,  or  household  purposes, 

6  or  that  individual's  legal  representative. 

7  (2)  No  LIMITATION  ON  MEMBERSHIP. — Nothing 

8  in  this  subsection  shall  be  construed  to  permit  an 

9  independent  health  record  bank  to  restrict  member- 

10  ship. 

11  (d)  Rights  Relating  to  Information  in  the 

12  Bank.— 

13  (1)  iNDmDUAL  consumers. — 

14  (A)  General  right. — ^An  individual  who 

15  has  a  health  record  contained  in  an  independent 

16  health  record  bank  shall  maintain  omiership 

17  over  the  entire  health  record  and  shall  have  the 

18  right  to  review  the  contents  of  the  entire  record 

19  at  any  time  during  the  normal  business  oper- 

20  ating  hours  of  the  bank. 

21  (B)  Additional  information  and  limI- 

22  TATION. — ^An  individual  described  in  subpara- 

23  graph  (A)  may  add  personal  health  information 

24  to  the  health  record  of  that  individual,  except 

25  that  such  individual  shall  not  falsify  informa- 
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1  tioii  and  shall  not  alter  information  that  is  en- 

2  tered  into  the  health  record  by  a  health  care  en- 

3  tity.  Snch  an  indi^ddual  shall  have  the  right  to 

4  propose  an  amendment  to  information  that  is 

5  entered  by  a  health  care  entity  pursuant  to 

6  standards  prescribed  by  the  Board  of  Governors 

7  for  purposes  of  correcting  such  information. 

8  (2)  Other  health  care  entities. — health 

9  care  entity  (other  than  the  individual  who  maintains 
^  10  omiership  over  the  health  record  involved)  shall 

11  serve  as  the  custodian  of  only  information  that  has 

12  been  added  by  such  entity  to  the  health  record.  Such 

13  entity  may  be  permitted  to  have  access  to  other 

14  specified  information  contained  in  such  health  record 

15  (incluchng  the  entire  record  if  appropriate)  if  such 

16  access  is  granted  by  the  independent  health  record 

17  bank  and  the  individual  involved  (pursuant  to  stand- 

18  ards  prescribed  by  the  Secretary  relating  to  access 

19  to  information). 

20  (e)  Financing  of  Activities. — 

21  (1)    In    general. — ^Aii    independent  health 

22  record  bank  may  generate  revenue  to  pay  for  the  op- 

23  erations  of  the  bank  through — 
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1  (A)  charging  health  care  entities,  including 

2  individual  account  holders,  account  fees  for  use 

3  of  the  bank; 

4  (B)  the  sale  of  nonidentifiable  and  par- 

5  tially  identifiable  health  information  contained 

6  in  the  bank  for  research  purposes  (as  provided 

7  for  in  section  6(b));  and 

8  (C)  the  conduct  of  any  other  activities  de- 

9  terinined  appropriate  by  the  Board  of  Gov- 

10  ernors. 

11  (2)  Sharing  of  revenue. — Revenue  derived 

12  under  paragraph  (1)(B)  shall  be  shared  with  inde- 

13  pendent  health  record  bank  account  holders,  and 

14  may  be  shared  with  health  care  providers  and  pay- 

15  ers,  in  accordance  with  this  Act. 

16  (3)  Treatment  of  income. — For  purposes  of 

17  the  Internal  Revenue  Code  of  1986,  any  revenue  de- 

18  scribed  in  tliis  subsection  shall  not  be  included  in 

19  gross  income  of  any  independent  health  record  bank, 

20  independent  health  record  bank  account  holder, 

21  health  care  provider,  or  payer  described  in  this  sub- 

22  section. 

23  SEC.  5.  HEALTH  CARE  CLEARINGHOUSE  ACTIVITIES. 

24  (a)  Application  of  Section. — This  section  shall 

25  apply  to  an  independent  health  record  bank  (and  associ- 
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1  ated  vendors)  mth  respect  to  activities  undertaken  by  such 

2  bank  in  operating  as  a  health  care  clearinghouse  (as  such 

3  term  is  defined  in  section  1171(2)  of  the  Social  Security 

4  Act  (42  U.S.C.  1329d(2)). 


5  (b)  Accreditation. — 

'6'  (1)  In  general. — To  be  ehgible  to  carry  out 

7  clearinghouse  activities  under  this  section,  an  inde- 

8  pendent  health  record  bank  (and  associated  vendors 

9  performing  clearinghouse  functions)  shall  be  accred- 

10  ited  by  a  national  standards  development  organiza- 

11  tion,  utilizing  the  criteria  described  in  paragraph 

12  (2),  that  is  properly  authenticated  and  registered 

13  with  the  Attorney  General  and  the  Federal  Trade 

14  Commission  pursuant  to  the  provisions  of  the  Na- 

15  tional  Cooperation  Research  and  Production  Act  of 

16  1993  (15  U.S.C.  4301  et  seq.). 

17  (2)  Criteria. — The  criteria  to  be  used  by  a  na- 

18  tional  standards  development  organization  in  the  ac- 

19  creditation  of  an  independent  health  record  bank 

20  under  this  section  shall  be  designed  to  measure  the 

21  competency,  assets,  practices,  and  procedures  of  the 

22  bank  for  purposes  of  conducting  clearinghouse  ac- 

23  tivities.  Such  criteria  shall  include — 

24  (A)  the  technical  capacity  and  electronic 

25  facilities  of  the  bank  for  the  receipt,  trans- 
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1  mission,  and  handling  of  electronic  health  infor- 

2  mation  transactions; 

3  (B)  the  ability  of  the  bank  to  process 

4  transactions  to  which  HIPAA  regulations  apply; 

5  (C)  the  backup  and  disaster  recovery  plans 

6  and  capacity  of  the  bank; 

7  (D)  the  privacy  practices,  procedures,  and 

8  employee  training  programs  of  the  bank  con- 

9  sistent  with  HIPAA  regulations;  and 

10  (E)  the  security  practices,  procedures,  and 

11  employee  training  programs  of  the  bank  con- 

12  sistent  with  HIPAA  regulations,  including  com- 

13  pliance  with  the  HIPAA  regulations  security 

14  rule  that  protected  health  information  must 

15  only  be  viewable  by  the  intended  recipient. 

16  (3)   Existing  cleakinghouses. — ^An  inde- 

17  pendent  health  record  bank  operated  by  an  entity 

18  that  has  been  certified  under  part  C  of  title  XL  of 

19  the  Social  Security  Act  (42  U.S.C.  1320d  et  seq.)  as 

20  a  health  care  clearinghouse  before  the  date  of  the 

21  enactment  of  this  Act  shall  be  considered  to  be  ac- 

22  credited  for  purposes  of  paragraph  ( 1 ) . 

23  (c)  Information  Requirement. — ^An  independent 


24  health  record  bank  acting  as  a  health  care  clearinghouse 

25  under  this  section  shall  ensure  that  reporting  services  are 
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1  provided  to  indmdual  consumers  in  a  manner  that  in- 

2  eludes  the  provision  of  lists  of  individuals  or  organizations 

3  that  have  accessed  the  health  record  account  of  the  con- 

4  sumer  or  to  whom  health  information  disclosures  con- 

5  cerning  the  consumer  have  been  made  in  accordance  with 

6  the  requirements  of  HIPAA  regulations. 

7  SEC.  6.  AVAILABILITY  AND  USE  OF  HEALTH  INFORMATION 

8  IN  BANK. 

9  (a)  General  Rule. — Except  as  provided  in  this  sec- 

10  tion,  access  to  an  individual's  electronic  health  record  (or 

11  specified  parts  of  such  electronic  health  record)  main- 

12  tained  by  an  independent  health  record  bank  shall  only 

13  be  provided  with  the  prior  authorization  of  the  individual 

14  involved,  as  authenticated  as  provided  for  under  the  stand- 

15  ards  prescribed  by  the  Board  of  Governors  under  section 

16  8. 

17  (b)  Availability  of  Data  for  Research  and 

18  Other  Activities. — ^An  independent  health  record  bank 

19  may  sell  nonidentifiable  and  partially  identifiable  health 

20  information,  with  respect  to  an  individual,  only  if — 

21  (1)  the  bank  and  the  individual  agree  to  the 

22  sale; 

23  (2)  the  agreement  provided  for  under  para- 

24  graph  (1)  includes  parameters  for  the  disclosure  of 

25  information  involved  and  a  process  for  the  authoriza- 
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1  tioii  of  the  farther  disclosure  of  partially  identifiable 

2  health  information; 

3  (3)  the  data  involved  are  to  be  used  for  re- 

4  search  or  other  activities  only  as  provided  for  in  the 

5  agi'eement  under  paragraph  (1);  : 

6  (4)  the  data  involved  do  not  identify  the  indi- 

7  vidual  who  is  the  subject  of  the  data; 

8  (5)  the  revenue  to  be  derived  from  the  sale  of 

9  the  data  is  collected  by  the  bank  and  equally  divided 

10  between  the  bank  and  the  individual  involved,  except 

11  that  revenue  may  also  be  distributed  to  health  care 

12  providers  and  payers  as  incentives  to  contribute  ad- 

13  ditional  data  to  the  bank;  and 

14  (6)  the  transaction  otherwise  meets  the  require- 

15  ments  and  standards  prescribed  by  the  Board  of 

16  Governors. 

17  (c)   Availability   of   Data  for  Emergency 

18  Health  Care. — 

19  (1)  Findings. — Congress  finds  that — 

20  (A)  given  the  size  and  nature  of  visits  to 

21  emergency  departments  in  the  United  States, 

22  readily  available  health  information  could  make 

23  the  difference  between  life  and  death;  and 

24  (B)  because  of  the  case  mix  and  volume  of 

25  patients   treated   in   emergency  departments. 
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1  such  departments  are  well  positioned  to  provide 

2  information  for  public  health  surveillance,  com- 

3  munity  risk  assessment,  research,  education, 

4  training,  quality  improvement,  and  other  uses. 

5  (2)   Use  OF  data. — ^An  independent  health 

6  record  bank  may  permit  health  care  providers  to  ac- 

7  cess,  during  an  emergency  department  visit,  a  lim- 

8  ited,  authenticated  information  set  concerning  an  in- 

9  dividual  for  emergency  response  purposes  without 

10  the  prior  consent  of  the  individual.  Such  limited  in- 

1 1  formation  may  include — 

12  (A)  patient  identification  information,  as 

13  determined  appropriate  by  the  individual  in- 

14  volved; 

15  (B)  provider  identification  that  includes 

16  the  use  of  unique  provider  identifiers  as  pro- 

17  vided  for  in  section  1173  of  the  Social  Security 

18  Act  (42  U.S.C.  1320d-2); 

19  (C)  payment  information; 

20  (D)  arrival  and  first  assessment  data; 

21  (E)  information  related  to  existing  chronic 

22  problems  and  active  clinical  conditions  of  the 

23  individual; 

24  (F)  information  related  to  the  individual's 

25  vitals,  allergies,  and  medication  history;  and 
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1  (G)  information  concerning  physical  exami- 

2  nations,  procedures,  results,  and  diagnosis  in- 

3  formation  relating  to  the  \dsit. 

4  SEC.  7.  ENSURING  PRIVACY  AND  SECURITY. 

5  (a)  In  General. — Current  Federal  security  and  con- 

6  fidentiality  standards  and  State  securit}^  amd  confiden- 

7  tiality  laws  shall  apply  to  tliis  Act  (and  the  amendments 

8  made  by  tliis  Act)  until  such  time  as  Congress  acts  to 

9  amend  such  standards. 

10  (b)  Application  of  HIPAA  Regulations  axd 

11  Transactional  Standards. — NotMng  in  this  Act  (or 

12  the  amendments  made  by  tliis  Act)  shall  be  construed  to 

13  narroAv  the  scope,  substance,  or  applieability  of  part  C  of 

14  title  XI  of  the  Social  Security  Act  (42  U.S.C.  1320d  et 

15  seq.),  or  HIPAA  regulations,  as  such  pro\dsions  or  regula- 

16  tions  relate  to  mdi^iduaUy  identifiable  health  information 

17  maintained  in  an  independent  health  record  bank. 

18  (c)  Treatjvient  of  State  Laws. — Nothing  in  tliis 

19  Act  (or  the  amendments  made  by  tliis  Act)  shall  be  coii- 

20  stmed  as  preempting  or  otherwise  affecting  any  provision 

21  of  State  law  (or  any  State  regulation)  relating  to  the  pri- 

22  vaey  and  confidentiality  of  indi^^dduaU}^  identifiable  health 

23  information  or  to  the  security  of  such  information,  to  the 

24  extent  that  such  pro\dsion  (or  regulation) — 
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1  (1)  pro\ddes  at  least  as  much  protection  as  oth- 

2  erwdse  pro\dded  under  this  Act  and  under  HIPAA 

3  regTilations;  and 

4  (2)  does  not  prohibit  or  restrict  the  exchange  of 

5  health  information  across  State  borders. 

6  (d)  State  Defined. — For  purposes  of  this  section, 


7  the  term  "State"  has  the  meaning  given  such  term  when 

8  used  in  title  XI  of  the  Social  Security  Act,  as  provided 

9  under  section  1101(a)  of  such  Act  (42  U.S.C.  1301(a)). 
10  SEC.  8.  REGULATORY  OVERSIGHT. 


11  (a)  In  General. — In  carrying  out  this  Act,  the 

12  Board  of  Governors,  acting  through  the  Under  Secretary 

13  for  Technology  or  other  appropriate  official,  shall — 

14  (1)  develop  a  program  to  certify  entities  to  op- 

15  erate  independent  health  record  banks; 

16  (2)  provide  assistance  to  encourage  the  growth 

17  of  independent  health  record  banks; 

18  (3)  track  economic  progress  as  it  pertains  to 

19  independent  health  record  bank  operators  and  indi- 

20  viduals  receiving  non-taxable  income  with  respect  to 

21  accounts; 

22  (4)  conduct  public  education  activities  regarditig 

23  the  creation  and  use  of  the  independent  health 

24  record  banks; 
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1  (5)  establish  an  interagency  council  under  sub- 

2  section  (b)  to  develop  standards  for  Federal  security 

3  auditing  for  entities  operating  independent  health 

4  record  banks;  and 

5  (6)  carry  out  any  other  activities  determined 

6  appropriate  by  the  Board  of  Governors. 

7  (b)  Interagency  Council  for  Security  Audit- 

8  INC. — 

9  (1)  In  general. — The  Board  of  Governors,  in 

10  consultation  with  the   Secretary  of  Health  and 

11  Human  Sendees  and  other  appropriate  Federal  offi- 

12  cials,  shall  establish  an  interagency  council  to  de- 

13  velop  standards  for  Federal  security  auditing  as  it 

14  relates  to  data  security,  authentication,  and  author- 

15  ization   recommendations,    and   reviews    of  inde- 

16  pendent  health  record  banks. 

17  (2)  Duties. — The  interagency  council  estab- 

18  lished  under  paragraph  (1)  shall  take  into  consider- 

19  ation  the  following  factors  when  developing  rec- 

20  ommendations  for  security,  authentication,  and  au- 

21  thorization  of  information  in  independent  health 

22  record  banks: 

23  (A)  The  number  and  type  of  factors  used 

24  for  the  exchange  of  protected  health  informa- 

25  tion. 
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1  (B)  The  requirement  that  individuals,  who 

2  have  health  records  that  are  maintained  by  the 

3  bank,  be  notified  of  a  security  breech  with  re- 

4  spect  to  such  records,  and  any  corrective  action 

5  taken  on  behalf  of  the  individual. 

6  (C)  The  requirement  that  information  sent 

7  to,  or  received  from,  an  independent  health 

8  record  bank  that  has  been  designated  as  high- 

9  risk  should  be  authenticated  through  the  use  of 

10  methods  such  as  the  periodic  changing  of  pass- 

11  words,  the  use  of  biometrics,  the  use  of  tokens 

12  or  other  technology  as  determined  appropriate 

13  by  the  council. 

14  (D)  Recommendations  for  entities  oper- 

15  ating  independent  health  record  banks,  includ- 

16  ing  requiring  analysis  of  the  potential  risk  of 

17  health  transaction  security  breaches  based  on 

18  set  criteria. 

19  (E)  The  conduct  of  audits  of  independent 

20  health  record  banks  to  ensure  that  they  are  in 

21  compliance  with  the  requirements  and  stand- 

22  ards  established  under  this  Act. 

23  (3)   Compliance   report. — The  interagency 

24  council  established  under  this  subsection  shall  annu- 

25  ally  submit  to  the  Board  of  Governors  a  report  on 
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1  compliance  by  independent  health  record  banks  with 

2  the  requirements  and  standard  under  this  Act.  Such 

3  report  shall  be  included  in  the  corresponding  annual 

4  report  required  under  subsection  (d). 

5  (c)    Inteeagency    Memorandum    op  Under- 

6  STANDING. — The  Board  of  Governors  and  the  Secretary 

7  of  Health  and  Human  Services,  and  other  Federal  officials 

8  that  may  be  impacted  by  this  Act,  shall  ensure,  through 

9  the  execution  of  an  interagency  memorandum  of  under- 

10  standing  among  the  Board,   Secretary,   and  officials, 

11  that— 

12  (1)   regulations,   rulings,   and  interpretations 

13  issued  by  such  Board,  Secretary,  or  officials  relating 

14  to  the  same  matter  over  which  two  or  more  of  such 

15  entities  have  responsibility  under  tliis  Act  are  ad- 

16  ministered  so  as  to  have  the  same  effect  at  all  times; 

17  and 

18  (2)  coordination  of  policies  relating  to  enforcing 

19  the  same  requirements  through  the  Board,  Sec- 

20  retary,  or  officials  in  order  to  have  a  coordinated  en- 

21  forcement  strategy  that  avoids  duplication  of  en- 

22  forcement  efforts  and  assigns  priorities  in  enforce- 

23  ment. 

24  (d)  Annual  Eeport. — Not  later  than  one  year  after 

25  the  date  of  the  enactment  of  this  Act,  and  annually  there- 
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1  after,  the  Secretary,  acting  through  the  Under  Secretary 

2  for  Technology,  shall  submit  to  the  Committee  on  Energy 

3  and  Commerce  and  the  Committee  on  Ways  and  Means 

4  of  the  House  of  Representatives  and  the  Committee  on 

5  Health,  Education,  Labor,  and  Pensions  and  the  Com- 

6  mittee  on  Finance  of  the  Senate,  a  report  that — 

7  (1)  describes  individual  owner  or  institution  op- 

8  erator  economic  progress  as  achieved  through  the 

9  use  of  independent  health  record  bank  and  existing 

10  barriers  to  such  use; 

11  (2)  describes  progress  in  security  auditing  as 

12  provided  for  by  the  interagency  security  council 

13  under  subsection  (b);  and 

14  (3)  contains  information  on  the  other  duties  of 

15  the  Board  of  Governors,  as  described  in  subsection 

16  (a). 

17  SEC.  9.  PENALTIES  FOR  WRONGFUL  DISCLOSURE. 

18  The  penalties  provided  for  in  subsection  (a)  of  section 

19  1177  of  the  Social  Security  Act  (42  U.S.C.  1320d-6)  shall 

20  apply  to  the  wrongful  disclosure  of  information  collected, 

21  maintained,  or  made  available  by  an  independent  health 

22  record  bank  under  this  Act,  including  disclosures  by  any 

23  employees  or  associates  of  any  such  bank  or  other  health 

24  care  entity  using  or  disclosing  such  information,  in  the 
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1  same  manner  as  such  penalties  apply  to  a  person  in  viola- 

2  tion  of  subsection  (a)  of  such  section. 

3  SEC.  10.  TREATMENT  OF  EMPLOYER-PROVIDED  EMPLOYEE 

4  INDEPENDENT  HEALTH  RECORD  BANK  AC- 

5  COUNT  FEES. 

6  (a)  In  General. — Section  162  of  the  Internal  Rev- 

7  enue  Code  of  1986  (relating  to  trade  or  business  expenses) 

8  is  amended  by  redesignating  subsection  (q)  as  subsection 

9  (r)  and  by  inserting  after  subsection  (p)  the  following  new 

10  subsection: 

11  "(q)  Treatment  of  Employer-Provided  Em- 

12  ployee  Independent  Health  Record  Bank  Ac- 

13  COUNT  Fees. — 

14  "(1)  In  generaIj. — In  the  case  of  a  taxpayer, 

15  there  shall  be  allowed  as  a  deduction  under  this  sec- 

16  tion  an  amount  equal  to  the  independent  health 

17  record  bank  account  investment  provided  by  such 

18  taxpayer  during  the  taxable  year. 

19  "(2)  Independent  health  record  bank  ac- 

20  count  investment. — For  purposes  of  this  sub- 

21  section,  the  term  'independent  health  record  bank 

22  account  investment'  means,  with  respect  to  each  em- 

23  ployee  of  the  taxpayer  for  any  taxable  year,  an 

24  amount  equal  to  the  the  cost  paid  by  the  taxpayer 
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1  during  the  taxable  year  for  such  employee  to  main- 

2  tain  an  independent  health  record  bank  account. 

3  "(3)  Independent  health  record  bank  ac- 

4  COUNT. — For  purposes  of  this  subsection,  the  term 

5  'independent  health  record  bank  account'  has  the 

6  meaning  given  to  the  term  'account'  under  section 

7  3(1)  of  the  Independent  Health  Record  Bank  Act  of 

8  2006. 

9  "(4)  Speciai.  rules. — No  credit  or  deduction 

10  (other  than  under  this  subsection)  shall  be  allowed 

11  under  this  chapter  with  respect  to  any  expense 

12  which  is  taken  into  account  under  paragraph  (1)  in 

13  determining  the  deduction  under  this  subsection. 

14  "(5)  Reports. — 

15  "(A)  In  general. — Each  taxpayer  shall 

16  make  such  reports  to  the  Chairman  of  the  Fed- 

17  eral  Reserve  Board  of  Governors  and  to  employ- 

18  ees  of  the  taxpayer  regarding — 

19  "(i)  independent  health  record  bank 

20  account  investments  made  with  respect  to 

21  such  employees  during  any  calendar  year, 

22  and 

23  "(ii)  such  other  information  as  the 

24  Chairman  may  require. 
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1  "(B)  Time  for  making  reports. — The 

2  reports  required  by  this  subsection — 

3  "(i)  shall  be  filed  at  such  time  and  in 

4  such  manner  as  the  Chairman  of  the  Fed- 

5  eral   Reserve   Board   of  Governors  pre- 

6  scribes,  and 

7  "(ii)  shall  be  famished  to  employees — 

8  "(I)  not  later  than  January  31  of 

9  the  calendar  year  followdng  the  cal- 

10  endar  year  to  which  such  reports  re- 

11  late,  and 

12  "(II)    in   such   manner   as  the 

13  Chairman  prescribes. 

14  "(6)  Regulations. — The  Secretary  may  pre- 

15  scribe  such  regulations  as  may  be  necessary  or  ap- 

16  propriate  to  carry  out  this  subsection. 

17  "(7)  Application  of  subsection. — This  sub- 

18  section  shall  apply  mth  respect  to  any  independent 

19  health  record  bank  account  investments  made  by  the 

20  taxpayer  for  the  5 -taxable  year  period  beginning 

21  with  the  first  taxable  year  during  which  such  invest- 

22  ments  are  made  by  the  taxpayer.". 

23  (b)  Effectr^  Date. — The  amendment  made  by 


24  this  section  shall  apply  to  taxable  years  beginning  after 

25  the  date  of  the  enactment  of  this  Act. 
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1  (e)  Additional  Incentr^e  for  Consumers  Par- 

2  TICIPATING  IN  niRB. — Revenue  generated  by  an  inde- 

3  pendent  health  record  bank  and  received  by  an  account 

4  holder,  health  care  entity,  or  health  care  payer  shall  not 

5  be  considered  taxable  income  under  the  Internal  Revenue 

6  Code  of  1986. 

O 


•HR  5559  IH 


I 


